Help with SNMP traps?

[jbennett]

It did however say that it had found unknown traps as well, which may very well be what is happening to your traps. Does the /var/log/snmptt/snmpttunknown.log file exist? I see you and Scott had spoken about it before, but that was never specified whether or not that file existed and when its last modification date was. Can you see if it exists, when was it created? Then what exists inside of it? If the OIDs that are getting relegated to the unknown log are the traps you want to have Nagios use, we'll have to add those to an snmptt.conf file.

Yes, it exists and it is being populated by a number of unknown traps from a specific PDU that we only have a handfull of. I am trying to get the majority of our PDUs and UPSs working on traps before moving onto this handfull. (These traps that are showing up in snmpttunknown are using the standard community string of 'public' and there doesn't appear to be a way to change it on the PDUs, I haven't dove off into this issue as it's secondary at this point).

However, if I go back to the snmpttunknown.log.1 file I do see some traps from a unit which should be configured correctly:

This is what is showing in the log:

Code: Select all

Sun Mar 31 04:22:04 2013: Unknown trap (.1.3.6.1.4.1.2468.1.2.1.2) received from xxx.xxx.xxx.xxx at:
Value 0: xxx.xxx.xxx.xxx
Value 1: xxx.xxx.xxx.xxx
Value 2: 47:12:37:36.93
Value 3: .1.3.6.1.4.1.2468.1.2.1.2
Value 4: xxx.xxx.xxx.xxx
Value 5:
Value 6:
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.2468.1.2.1.1.2.4.0=100
Ent Value 1: .1.3.6.1.4.1.2468.1.2.1.1.2.5.0=1080
Ent Value 2: .1.3.6.1.4.1.2468.1.2.1.1.2.2.0=0
Ent Value 3: .1.3.6.1.4.1.2468.1.2.1.2=The UPS has switched to battery backup power

This is from my /etc/snmp/snmptt.conf file:

Code: Select all

MIB: USHA-MIB (file:./USHAP.MIB) converted on Tue Jan 29 15:05:39 2013 using snmpttconvertmib v1.3
#
#
#
EVENT ushaPowerRestored .1.3.6.1.4.1.2468.1.2.1.2.0.1 "Status Events" Normal
FORMAT INFORMATION: Utility power has been restored. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "INFORMATION: Utility power has been restored. $*"
SDESC
INFORMATION: Utility power has been restored.
Variables:
EDESC
#
#
#
EVENT ushaPowerFail .1.3.6.1.4.1.2468.1.2.1.2.0.2 "Status Events" Critical
FORMAT WARNING: Utility power not available. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "WARNING: Utility power not available. $*"
SDESC
WARNING: Utility power not available.
Variables:
EDESC
#
#
#
EVENT ushaReturnFromLowBattery .1.3.6.1.4.1.2468.1.2.1.2.0.3 "Status Events" Normal
FORMAT INFORMATION: The UPS has returned from a low battery $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "INFORMATION: The UPS has returned from a low battery $*"
SDESC
INFORMATION: The UPS has returned from a low battery
condition.
Variables:
EDESC
#
#
#
EVENT ushaLowBattery .1.3.6.1.4.1.2468.1.2.1.2.0.4 "Status Events" Warning
FORMAT SEVERE: The UPS batteries are low and will soon be exhausted. $*
EXEC /usr/local/bin/snmptraphandling.py "$r" "SNMP Traps" "$s" "$@" "$-*" "SEVERE: The UPS batteries are low and will soon be exhausted. $*"
SDESC
SEVERE: The UPS batteries are low and will soon be exhausted.
If utility power is not restored the UPS will put itself
to 'sleep' and immediately cut power to the load.
Variables:
EDESC
#
#
#

These OIDs go all the way out to .1.3.6.1.4.1.2468.1.2.1.2.0.4.38

When I compare the two OIDs (from unknown.log and from snmptt.conf), it appears as if the unknown.log is either truncating the OID or the UPS simply isn't sending the whole OID?

Would this cause the problem? I will have to dig through the others to see if the same is happening for the other PDUs that we are running.

[abrist]

If the PDU/UPS unit are locked to "public" you may need to alter your configuration to accept traps from the "pubilc" community.

[jbennett]

If the PDU/UPS unit are locked to "public" you may need to alter your configuration to accept traps from the "pubilc" community.

That's fine and all, but as I stated in my post, I'm not worried about THOSE PDUs at this point as they are far fewer than the others. My concern right now is not those few PDUs (maybe 10?) but the 300something OTHER PDUs that I'm trying to monitor via traps.

[jbennett]

ok - looking at the snmpttunknown.log files and comparing them to the snmptt.conf file, it's apparent that the last few digits of the OIDs are being truncated as they show up in the snmpttunknown.log file.

This is happening on both the UPSs & the PDUs (different manufacturers).

What would be causing this?

EDIT: doing some searching, I'm beginning to wonder if this is actually a bug in the net-snmp version that I'm running: 5.3.2.2

I've seen a few posts discussing a bug in SNMP, but is the one of the more related ones: http://opennms.530661.n2.nabble.com/Nod ... 48335.html

It also appears that RedHat currently only supports 5.3.2.2, not the newer versions.

[lmiltchev]

EDIT: doing some searching, I'm beginning to wonder if this is actually a bug in the net-snmp version that I'm running: 5.3.2.2

We will have to do some digging on this one and get back to you as soon as we find out what's causing the problem.

[jbennett]

EDIT: doing some searching, I'm beginning to wonder if this is actually a bug in the net-snmp version that I'm running: 5.3.2.2

We will have to do some digging on this one and get back to you as soon as we find out what's causing the problem.

Thanks.

Just to be sure, I'm going through and changing everything to public from our custom community string since I can't change it on some of the PDUs.

[scottwilkerson]

Thanks.

Just to be sure, I'm going through and changing everything to public from our custom community string since I can't change it on some of the PDUs.

Let us know if the proper data starts coming in for these.

[jbennett]

I have a PDU that has gone off of the network and has been off for approximately 40 minutes. The last SNMP Trap from this PDU shows to be from just 2 minutes ago and is coming across as OK.

I have changed the host name of every UPS on our network to be the IP address instead of a location identifier, as suggested earlier.

However, I am still getting the auth failure in my snmptt.log as well as unknown traps in the snmpttunknown.log

[scottwilkerson]

If you are getting items in snmpttunknown.log it would seem that the MIBs for the particular items have not been added with the addmib command
(page 2) http://assets.nagios.com/downloads/nagi ... ith_XI.pdf

as for the auth failure in my snmptt.log, are all devices using the same community string?

[jbennett]

Yes, I have changed every device to use the public community string.

The MIB file that was provided for the PDUs that are showing up in snmpttunknown.log are not in the same format as what I show in the processed MIB file.

In snmpttunknown.log, the MIB is coming across as .1.3.6.1.4.1.17420.0.6 while in snmptt.conf the MIBs for this device are in the following format: .1.3.6.1.4.1.17420.0.105 - .108.

Code: Select all

# snmptranslate .1.3.6.1.4.1.17420.0.6
SNMPv2-SMI::enterprises.17420.0.6

Is this to assume that the MIB file from the manufaturer is incorrect?

From the PDUMIB.mib file:

Code: Select all

devOutOfThreshold1 TRAP-TYPE
        ENTERPRISE pdu
        DESCRIPTION
                "WARNING: DEV current out of threshold 1."
 ::= 105


devOutOfThreshold2 TRAP-TYPE
        ENTERPRISE pdu
        DESCRIPTION
                "CRITICAL: DEV current out of threshold 2."
 ::= 106


--devCommunicationLost TRAP-TYPE
--      ENTERPRISE pdu
--      DESCRIPTION
--              "CRITICAL: DEV Communication lost."
-- ::= 107

devBackToNormal TRAP-TYPE
        ENTERPRISE pdu
        DESCRIPTION
                "NORMAL: DEV back to normal states"
 ::= 108

END

From the snmpttunknown.log:

Code: Select all

Wed Apr 17 08:45:12 2013: Unknown trap (.1.3.6.1.4.1.17420.0.6) received from xxx.xxx.xxx.xxx at:
Value 0: xxx.xxx.xxx.xxx
Value 1: xxx.xxx.xxx.xxx
Value 2: 153:19:11:51.49
Value 3: .1.3.6.1.4.1.17420.0.6
Value 4: xxx.xxx.xxx.xxx
Value 5: public
Value 6: .1.3.6.1.4.1.17420
Value 7:
Value 8:
Value 9:
Value 10:
Ent Value 0: .1.3.6.1.4.1.17420.3.105.0=Switch-11111111,